Uploaded image for project: 'Apache Cordova'
  1. Apache Cordova
  2. CB-13190

Potential unreleased resources (HP Fortify SCA: Unreleased Resource: Streams)

    XMLWordPrintableJSON

    Details

      Description

      Similar issue: https://issues.apache.org/jira/browse/CB-8253

      There are several places in the File plugin, File Transfer plugin and cordova-android where streams do not use try

      { fis.closed }

      catch (IOException e) {} in a finally block allowing for the possibility they will never be closed if an exception occurs at the wrong place.

      Affected files:
      cordova-android/~CordovaResourceApi.java: line: 166, 377
      cordova-plugin-file/~Filesystem.java: line: 253, 286
      cordova-plugin-file-transfer/~FileTransfer.java: line: 665
      cordova-plugin-file/~LocalFilesystem.java: line: 403, 461, 507

      Recommendations of Fortify:

      public void processFile(String fName) throws FileNotFoundException, IOException {
        FileInputStream fis;
        try {
          fis = new FileInputStream(fName);
          int sz;
          byte[] byteArray = new byte[BLOCK_SIZE];
          while ((sz = fis.read(byteArray)) != -1) { processBytes(byteArray, sz); }
        } finally {
          if (fis != null) {
            safeClose(fis);
          }
        }
      }
      
      public static void safeClose(FileInputStream fis) {
        if (fis != null) {
          try {
            fis.close();
          } catch (IOException e) {
            log(e);
          }
        }
      }
      

        Attachments

          Activity

            People

            • Assignee:
              bowserj Joey Robert Bowser
              Reporter:
              gssfed GSS FED
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: